Abstract
Emergence of cloud computing technologies have changed the way we store, retrieve, and archive our data. With the promise of unlimited, reliable and always-available storage, a lot of private and confidential data are now stored on different cloud platforms. Being such a gold mine of data, cloud platforms are among the most valuable targets for attackers. Therefore, many forensics investigators have tried to develop tools, tactics and procedures to collect, preserve, analyse and report evidences of attackers’ activities on different cloud platforms. Despite the number of published articles there isn’t a bibliometric study that presents cloud forensics research trends. This paper aims to address this problem by providing a comprehensive assessment of cloud forensics research trends between 2009 and 2016. Moreover, we provide a classification of cloud forensics process to detect the most profound research areas and highlight remaining challenges.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
“Forecast: IT Services, 2011-2017, 4Q13 Update.” [Online]. Available: https://www.gartner.com/doc/2637515/forecast-it-services-q. [Accessed: 09-Dec-2016].
Cisco Public, “Cisco Global Cloud Index: Forecast and Methodology, 2015–2020,” 2016.
P. Mell and T. Grance, “The NIST Final Version of NIST Cloud Computing Definition Published,” Nist Spec. Publ., vol. 145, p. 7, 2011.
S. Bhardwaj, L. Jain, and S. Jain, “An Approach for Investigating Perspective of Cloud Software-as-a-Service (SaaS),” Int. J. Comput. Appl., vol. 10, no. 2, pp. 975–8887, 2010.
P. Mell and T. Grance, “The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology,” Natl. Inst. Stand. Technol. Inf. Technol. Lab., vol. 145, p. 7, 2011.
J. Dykstra and A. T. Sherman, “Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques,” Digit. Investig., vol. 9, no. S, pp. S90–S98, Aug. 2012.
N. Gupta, B. Tech, B. Chauhan, T. Anand, and C. Dewan, “Cloud Computing: Comparison with Previous Technique and Research Challenges,” Int. J. Comput. Appl., vol. 85, no. 8, pp. 975–8887, 2014.
K. Weins, “Cloud Computing Trends: 2016 State of the Cloud Survey,” 2016.
A. Hutchings, R. G. Smith, and L. James, “Criminals in the Cloud: Crime, Security Threats, and Prevention Measures,” in Cybercrime Risks and Responses, London: Palgrave Macmillan UK, 2015, pp. 146–162.
“Cybercrime Now Surpasses Traditional Crime In UK.” [Online]. Available: http://www.darkreading.com/threat-intelligence/cybercrime-now-surpasses-traditional-crime-in-uk/d/d-id/1326208. [Accessed: 12-Dec-2016].
K. Ruan, J. Carthy, T. Kechadi, and M. Crosbie, “Cloud forensics,” Advances in Digital Forensics VII, IFIP Advances in Information and Communication Technology, vol. 361. pp. 35–46, 2011.
M. Al Fahdi, N. L. Clarke, and S. M. Furnell, “Challenges to digital forensics: A survey of researchers & practitioners attitudes and opinions,” in 2013 Information Security for South Africa - Proceedings of the ISSA 2013 Conference, 2013.
A. T. Dykstra, Josiah; Sherman, “UNDERSTANDING ISSUES IN CLOUD FORENSICS: TWO HYPOTHETICAL CASE STUDIES - ProQuest,” Proc. Conf. Digit. Forensics, Secur. Law, no. 45, pp. 1–10, 2011.
S. Alqahtany, N. Clarke, S. Furnell, and C. Reich, “A forensic acquisition and analysis system for IaaS,” Clust. Comput. J. NETWORKS Softw. TOOLS Appl., vol. 19, no. 1, pp. 439–453, Mar. 2016.
“Forensic Toolkit (FTK).” [Online]. Available: http://accessdata.com/products-services/forensic-toolkit-ftk. [Accessed: 13-Jul-2017].
“EnCase Endpoint Investigator - Remote Digital Investigation Solution.” [Online]. Available: https://www.guidancesoftware.com/encase-endpoint-investigator. [Accessed: 13-Jul-2017].
“Snort - Network Intrusion Detection & Prevention System.” [Online]. Available: https://www.snort.org/. [Accessed: 13-Jul-2017].
J. Dykstra and A. T. Sherman, “Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform,” in Digital Investigation, 2013, vol. 10, no. SUPPL.
E. Bursztein, I. Fontarensky, M. Martin, and J.-M. Picod, “Beyond files recovery OWADE cloud-based forensic.” BlackHat, 2011.
Amazon Web Services, “AWS CloudTrail : User Guide,” 2016.
G. Combs, “Wireshark · Go Deep.,” 2017. [Online]. Available: https://www.wireshark.org/. [Accessed: 29-May-2017].
“The Sleuth Kit.” [Online]. Available: http://www.sleuthkit.org/sleuthkit/. [Accessed: 13-Jul-2017].
“Software for Computer Forensics, Data Recovery, and IT Security.” [Online]. Available: http://www.x-ways.net/. [Accessed: 13-Jul-2017].
“EnCase eDiscovery- Litigation Hold Management & Digital Forensics.” [Online]. Available: https://www.guidancesoftware.com/encase-ediscovery. [Accessed: 13-Jul-2017].
B. Martini and K.-K. R. Choo, “An integrated conceptual digital forensic framework for cloud computing,” Digit. Investig., vol. 9, no. 2, pp. 71–80, Nov. 2012.
N. H. Ab Rahman, N. D. W. Cahyani, and K. K. R. Choo, “Cloud incident handling and forensic-by-design: Cloud storage as a case study,” Concurrency Computation , 2016.
D. Quick and K.-K. R. Choo, “Dropbox analysis: Data remnants on user machines,” Digit. Investig., vol. 10, no. 1, pp. 3–18, Jun. 2013.
F. Daryabar, A. Dehghantanha, and K.-K. R. Choo, “Cloud storage forensics: MEGA as a case study,” Aust. J. Forensic Sci., vol. 618, no. July, pp. 1–14, 2016.
F. Daryabar et al., “Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices,” Aust. J. Forensic Sci., vol. 48, no. 1, pp. 1–28, 2016.
R. Shariati, Mohammad; Dehghantanha, Ali; Choo, “SugarSync Forensic Analysis,” Res. Artic., p. 28, 2014.
T. Dargahi, A. Dehghantanha, and M. Conti, “Chapter 12 – Investigating Storage as a Service Cloud Platform: pCloud as a Case Study,” in Contemporary Digital Forensic Investigations of Cloud and Mobile Applications, 2017, pp. 185–204.
S. H. Mohtasebi, A. Dehghantanha, and K.-K. R. Choo, “Chapter 13 – Cloud Storage Forensics: Analysis of Data Remnants on SpiderOak, JustCloud, and pCloud,” in Contemporary Digital Forensic Investigations of Cloud and Mobile Applications, 2017, pp. 205–246.
A. Dehghantanha and T. Dargahi, “Chapter 14 – Residual Cloud Forensics: CloudMe and 360Yunpan as Case Studies,” in Contemporary Digital Forensic Investigations of Cloud and Mobile Applications, 2017, pp. 247–283.
B. Blakeley, C. Cooney, A. Dehghantanha, and R. Aspin, “Cloud Storage Forensic: hubiC as a Case-Study,” in 2015 IEEE 7TH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM), 2015, pp. 536–541.
Y.-Y. Teing, D. Ali, K. Choo, M. T. Abdullah, and Z. Muda, “Greening Cloud-Enabled Big Data Storage Forensics: Syncany as a Case Study,” IEEE Trans. Sustain. Comput., pp. 1–1, 2017.
Y.-Y. Teing, A. Dehghantanha, K.-K. R. Choo, and L. T. Yang, “Forensic investigation of P2P cloud storage services and backbone for IoT networks: BitTorrent Sync as a case study,” Comput. Electr. Eng., 2016.
Y.-Y. Teing, A. Dehghantanha, K.-K. R. Choo, T. Dargahi, and M. Conti, “Forensic Investigation of Cooperative Storage Cloud Service: Symform as a Case Study,” J. Forensic Sci., Nov. 2016.
S. A. Almulla, Y. Iraqi, and A. Jones, “A State-of-the-Art Review of Cloud Forensics,” J. Digit. Forensics, Secur. Law, vol. 9, no. 4, pp. 7–28, 2014.
G. E. Derrick, A. Haynes, S. Chapman, and W. D. Hall, “The Association between Four Citation Metrics and Peer Rankings of Research Influence of Australian Researchers in Six Fields of Public Health,” PLoS One, vol. 6, no. 4, 2011.
E. Garfield, “The History and Meaning of the Journal Impact Factor,” J. Am. Med. Assoc., vol. 19104, no. 1, pp. 90–93, 2006.
“A New Dimension in Documentation through Association of Ideas.” [Online]. Available: http://www.garfield.library.upenn.edu/papers/science_v122v3159p108y1955.html. [Accessed: 09-Dec-2016].
L. I. Meho and K. Yang, “Impact of data sources on citation counts and rankings of LIS faculty: Web of science versus scopus and google scholar,” J. Am. Soc. Inf. Sci. Technol., vol. 58, no. 13, pp. 2105–2125, 2007.
G. Ict and S. March, “Government Cloud Strategy,” no. March, 2011.
M. Metheny, “Federal Cloud Computing,” Fed. Cloud Comput., pp. 71–102, 2013.
H. Small, “Visualizing science by citation mapping,” J. Am. Soc. Inf. Sci., vol. 50, no. 9, pp. 799–813, 1999.
M. F. A. Razak, N. B. Anuar, R. Salleh, and A. Firdaus, “The rise of malware: Bibliometric analysis of malware study,” Journal of Network and Computer Applications, vol. 75. pp. 58–76, 2016.
L. Bornmann and H.-D. Daniel, What do citation counts measure? A review of studies on citing behavior, vol. 64, no. 1. 2008.
J. E. Hirsch, “Does the H index have predictive power?,” Proc. Natl. Acad. Sci. U. S. A., vol. 104, no. 49, pp. 19193–8, 2007.
E. Garfield, “Can Citation Indexing be Automated?,” Stat. Assoc . Methods Mech. Doc., vol. 269, pp. 84–90, 1964.
X. Wu, X. Chen, F. B. Zhan, and S. Hong, “Global research trends in landslides during 1991???2014: a bibliometric analysis,” Landslides, vol. 12, no. 6, pp. 1215–1226, 2015.
K. Choo, “Cloud computing: challenges and future directions,” Trends Issues Crime Crim. Justice, no. 400, pp. 1–6, 2010.
J. J. Shah and L. G. Malik, “Cloud Forensics: Issues and Challenges,” in 2013 Sixth International Conference on Emerging Trends in Engineering and Technology (ICETET 2013), 2013, pp. 138–139.
D. Birk and C. Wegener, “Technical Issues of Forensic Investigations in Cloud Computing Environments,” 2011 Sixth IEEE Int. Work. Syst. Approaches to Digit. Forensic Eng., pp. 1–10, 2011.
M. Damshenas, A. Dehghantanha, R. Mahmoud, and S. Bin Shamsuddin, “Forensics investigation challenges in cloud computing environments,” in Proceedings 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic, CyberSec 2012, 2012, pp. 190–194.
N. Raza, “Challenges to network forensics in cloud computing,” in Proceedings - 2015 Conference on Information Assurance and Cyber Security, CIACS 2015, 2016, pp. 22–29.
A. Butler and K. Choo, “IT standards and guides do not adequately prepare IT practitioners to appear as expert witnesses: An Australian perspective,” Secur. J., pp. 1–20, 2013.
D. Quick, B. Martini, and K.-K. R. Choo, “Cloud Storage Forensics,” Cloud Storage Forensics, no. October, pp. 13–21, 2014.
S. Ahmed and M. Y. A. Raja, “Tackling cloud security issues and forensics model,” in 7th International Symposium on High-Capacity Optical Networks and Enabling Technologies, HONET 2010, 2010, pp. 190–195.
G. Grispos, T. Storer, and W. Glisson, “Calm before the storm: the challenges of cloud computing in digital forensics,” Int. J. Digit. Crime Forensics, vol. 4, no. 2, pp. 28–48, 2012.
D. Reilly, C. Wren, and T. Berry, “Cloud computing: Forensic challenges for law enforcement,” Internet Technol. Secur. Trans. (ICITST), 2010 Int. Conf., pp. 1–7, 2010.
Mauro Conti, Ali Dehghantanha, Katrin Franke, Steve Watson, “Internet of Things Security and Forensics: Challenges and Opportunities”, Future Generation Computer Systems Journal, DoI: https://doi.org/10.1016/j.future.2017.07.060, 2017
Hamed HaddadPajouh, Ali Dehghantanha, Raouf Khayami, and Kim-Kwang Raymond Choo, “Intelligent OS X Malware Threat Detection”, Journal of Computer Virology and Hacking Techniques, 2017
Amin Azmoodeh, Ali Dehghantanha, Mauro Conti, Raymond Choo, “Detecting Crypto-Ransomware in IoT Networks Based On Energy Consumption Footprint”, Journal of Ambient Intelligence and Humanized Computing, DOI: 10.1007/s12652-017-0558-5, 2017
Amin Azmoudeh, Ali Dehghantanha and Kim-Kwang Raymond Choo, “Robust Malware Detection for Internet Of (Battlefield) Things Devices Using Deep Eigenspace Learning”, IEEE Transactions on Sustainable Computing, 2017
Dennis Kiwia, Ali Dehghantanha, Kim-Kwang Raymond Choo, Jim Slaughter, "A Cyber Kill Chain Based Taxonomy of Banking Trojans for Evolutionary Computational Intelligence", Journal of Computational Science, 2017
Sajad Homayoun, Ali Dehghantanha, Marzieh Ahmadzadeh, Sattar Hashemi, Raouf Khayami, "Know Abnormal, Find Evil: Frequent Pattern Mining for Ransomware Threat Hunting and Intelligence", IEEE Transactions on Emerging Topics in Computing, 2017 - DOI: 10.1109/TETC.2017.2756908
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Baldwin, J., Alhawi, O.M.K., Shaughnessy, S., Akinbi, A., Dehghantanha, A. (2018). Emerging from the Cloud: A Bibliometric Analysis of Cloud Forensics Studies. In: Dehghantanha, A., Conti, M., Dargahi, T. (eds) Cyber Threat Intelligence. Advances in Information Security, vol 70. Springer, Cham. https://doi.org/10.1007/978-3-319-73951-9_16
Download citation
DOI: https://doi.org/10.1007/978-3-319-73951-9_16
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-73950-2
Online ISBN: 978-3-319-73951-9
eBook Packages: Computer ScienceComputer Science (R0)